PuTTY Fatal Error: "Server sent disconnect message type 2 (protocol error): Too many authentication failures" while connecting to vCenter via SSH
Article ID: 381256
Updated On: 11-12-2024
Products
VMware vCenter Server
Issue/Introduction
You will receive an error like the following if this is affecting your SSH logins to the vCenter server:
/var/log/vmware/messages
2024-10-25T17:55:23.608441+00:00 [Server FQDN] sshd[18354] rexec line 134: Deprecated option UsePrivilegeSeparation
2024-10-25T17:55:23.608611+00:00 [Server FQDN] sshd[18354] rexec line 135: Deprecated option RhostsRSAAuthentication
2024-10-25T17:55:23.611096+00:00 [Server FQDN] sshd[18354] FIPS mode initialized
2024-10-25T17:55:25.811331+00:00 [Server FQDN] sshd[18354] reprocess config line 135: Deprecated option RhostsRSAAuthentication
2024-10-25T17:55:25.811672+00:00 [Server FQDN] sshd[18354] User root from X.X.X.X not allowed because none of user's groups are listed in AllowGroups <------ Primary error
2024-10-25T17:55:33.275377+00:00 [Server FQDN] sshd[18354] pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.240.244.187 user=root
2024-10-25T17:55:37.261366+00:00 [Server FQDN] sshd[18354] Failed password for invalid user root from x.x.x.x port 57329 ssh2
No other user or jump host is able to access the vCenter either.
SSH is enabled.
Rebooting does not resolve the issue.
A root password reset via GRUB does not resolve the problem either.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware vCenter Server 7.0.x
Cause
In vCenter, the sshd_config file contained the parameter `AllowGroups wheel`.
With this value, the AllowGroups directive in the sshd_config file restricts SSH access to users who are members of the wheel group. Only users who belong to the wheel group are allowed to authenticate and connect to the system via SSH.
wheel is typically a special administrative group in many UNIX-like systems, including Linux and macOS, that is often used to grant users the ability to perform administrative tasks (e.g., sudo access). The wheel group is commonly used to restrict certain administrative commands or provide privileged access.
Resolution
Determined that SSH access was blocked by `AllowGroups wheel` in `/etc/ssh/sshd_config`, based on the error logged in the messages file.
Created a backup of the original `sshd_config` file:
cp sshd_config sshd_config.bak
Took a non-memory, non-quiesced snapshot of the vCenter system.
Opened `/etc/ssh/sshd_config` with `vi` editor and commented out the `AllowGroups wheel` line.
Saved the modified `sshd_config` file.
Press ESC
Type :wq! and hit Enter
Restarted the SSH service to apply the changes.
Verified that SSH access was restored by logging in successfully, and that access is revoked again if the `AllowGroups wheel` line is uncommented.
Monitored the system to ensure normal operation after the update.
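The check below reproduces the decision behind the "none of user's groups are listed in AllowGroups" log line, so the cause can be confirmed before editing and re-checked afterwards. It is an added example, not part of the original article or of any VMware tooling; the function names `allowed_groups` and `ssh_group_check` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate AllowGroups the way the sshd log line above reports it.
# Assumptions: only the global section is read (parsing stops at the first
# Match block) and "!" negated patterns are not evaluated.

# allowed_groups FILE: print each active AllowGroups pattern, one per line.
# Commented-out lines such as "#AllowGroups wheel" are ignored.
allowed_groups() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# ssh_group_check FILE "grp1 grp2 ...": print a verdict, return 0 if allowed.
# The body runs in a subshell so that "set -f" does not leak to the caller.
ssh_group_check() (
    set -f   # keep patterns like "adm*" from expanding against file names
    patterns=$(allowed_groups "$1")
    if [ -z "$patterns" ]; then
        echo "allowed: no active AllowGroups directive"
        return 0
    fi
    for pat in $patterns; do
        for grp in $2; do
            case $grp in
                $pat) echo "allowed: group '$grp' matches '$pat'"; return 0 ;;
            esac
        done
    done
    echo "denied: none of [$2] is listed in AllowGroups [$(echo $patterns)]"
    return 1
)

# Constructed sample mirroring the article: root belongs only to group "root".
sample=$(mktemp)
printf 'PermitRootLogin yes\nAllowGroups wheel\n' > "$sample"
ssh_group_check "$sample" "root" || true        # denied
printf 'PermitRootLogin yes\n#AllowGroups wheel\n' > "$sample"
ssh_group_check "$sample" "root"                # allowed after commenting out
rm -f "$sample"

# On the appliance: ssh_group_check /etc/ssh/sshd_config "$(id -Gn root)"
```

Running `sshd -t` after editing and before restarting the service validates the syntax of the modified file.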
Additional Information
If the above solution does not work, add the root user to the Allow Groups.